From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Jun 23 02:17:16 2015
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@nevdull.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E6E29BFF
 for <freebsd-ports-bugs@nevdull.freebsd.org>;
 Tue, 23 Jun 2015 02:17:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CD1FF18D
 for <freebsd-ports-bugs@FreeBSD.org>; Tue, 23 Jun 2015 02:17:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t5N2HGHJ021162
 for <freebsd-ports-bugs@FreeBSD.org>; Tue, 23 Jun 2015 02:17:16 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 201065] sysutils/logstash-forwarder: [security] Request update
 to 0.4.0 to resolve SSLv3 security concerns
Date: Tue, 23 Jun 2015 02:17:16 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jason.unovitch@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
 flagtypes.name
Message-ID: <bug-201065-13@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2015 02:17:17 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201065

            Bug ID: 201065
           Summary: sysutils/logstash-forwarder: [security] Request update
                    to 0.4.0 to resolve SSLv3 security concerns
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: jason.unovitch@gmail.com
                CC: cheffo@freebsd-bg.org
                CC: cheffo@freebsd-bg.org
             Flags: maintainer-feedback?(cheffo@freebsd-bg.org)

Based off discussion on logstash security updates in bug 201001, one of the
issues researched revealed this security issue from the logstash-forwarder
change log.

= Security:
- Requires server support TLS 1.0 or higher (#402). This resolves a number of
  security concerns, including POODLE. The POODLE concern was reported
  and validated by Tray Torrance, Marc Chadwick, and David Arena. Additionally,
  the PCI SSC announced that SSLv3 was not acceptable anymore.

https://github.com/elastic/logstash-forwarder/blob/master/CHANGELOG

-- 
You are receiving this mail because:
You are the assignee for the bug.